Cloud Backup

Cloud Backup is a BackupAssist add-on that allows you to back up data to remote data centers across the internet. BackupAssist Cloud Backup supports Amazon S3, Microsoft Azure and WebDAV enabled cloud storage providers as backup destinations.

Cloud Backup backs up files in chunks and keeps track of what files have been sent to the cloud destination. This means if the backup jobs stops or is interrupted, for example due to a network or internet outage, the backup job can resume and does not need to restart.

If a problem interrupts the backup job, BackupAssist will try several times to continue backing up, and if this does not work, it will try the next chunk to be backed up in case the problem is with specific chunks of data.

Resume Cloud Backup outcomes:

If the backup job can resume, it will complete the backup.

If the backup job cannot resume, it will not create a backup and the job will fail.

If the backup job can resume after skipping data chunks that could not be backed up, the backup job will continue without those files and add a warning to the backup report to advise what files were not backed up.

Note: If you manually cancel a Cloud Backup job in BackupAssist, the next time that job runs (either manually or scheduled), the backup job will resume from the point at which it was canceled.

All data is encrypted on the local machine that BackupAssist is installed on prior to it being transferred over a secure connection to the cloud provider you’ve chosen as your destination. Because this is BackupAssist's own encryption, the cloud provider cannot access the backup, or even see what data you backed up. In addition to this, the cloud service provider will apply its own encryption to the cloud container to further protect the backup.

In addition to this, your files are also password protected and there is no way to access your data without this password. It is recommended you do not share this password.

Warning: We also recommend that you store a copy of your password somewhere secure, as BackupAssist Technical Support cannot recover lost passwords.

BackupAssist automatically removes data that is no longer needed (from old backups) from the provider, to reduce storage costs.

The process does not yet support concurrent backups or concurrent backup and restore, meaning that if you try to have more than one backup running to a container then one or both backups may become corrupted.

Note: In future, BackupAssist will support the re-use of containers, but for now it is important that a single container be dedicated to a single job on a single BackupAssist installation.

Cloud Backup is designed to make full use of the available bandwidth, and we have seen utilization exceeding 20Mbps.

Cloud Backup uses deduplication and compression to give effective speeds that are even greater. We have seen a Hyper-V VM that contained over 100GB in VHD files take only 4 hours to complete. This is effectively more than 50Mbps.

Cloud containers are managed by the cloud service providers, Amazon Web Services and Microsoft Azure. We do not currently have the ability to manage how the container is managed, as this is controlled by the providers own consoles and features. However, we are investigating what options we have to restrict the size of Cloud Backups.

It is worth noting that you can use BackupAssist to set how many backups are kept in the cloud destination using Cloud Backup’s Schedule options. There are two schemes available: The Grandfather-Father-Son scheme keeps 23 backups but the Basic scheme stores just 1 backup for each day of the week, so a maximum of 7.

When you create a Cloud Backup job, you can seed the data to the cloud destination if there is too much data to send across the internet in the first full backup. Seeding involves putting the data on a removable drive and sending it to your cloud provider so they can copy the data to your cloud container. Your backup job will then detect the data in the container the first time it runs, and only back up data that has changed.

When to seed

You should consider seeding if the time required to back up all the data on a Cloud Backup's first run would be too long and impact other processes. This will depend on the amount data you have selected and the performance of your connection. For example, if the backup will take more than a day, it may impact your network during business hours and prevent scheduled backups from running, so seeding would be a viable option.

Seeding with BackupAssist

BackupAssist has a Seeding Tool, which prepares the drive that you send to your cloud provider by copying to data to the drive in the correct format. The process from that point on is defined by your cloud provider.

Creating cloud storage

Before you can run a Cloud Backup job, you will need to have a cloud destination set up. This can be done by a creating an account with Amazon Web Services, Microsoft Azure or a cloud provider that supports WebDAV.

WebDAV is an extension of the HTTP protocol that allows clients to perform remote Web content authoring operations. For backups, this means it can be used to transfer data from BackupAssist to a cloud destination that has WebDAV enabled. WebDAV is supported by some cloud storage providers who enable it on their web servers. If you select a provider that supports WebDAV, follow the steps on their website to create an account.

Not all cloud providers will support WebDAV, so it's important to research your cloud provider and their requirements before committing to their cloud storage service.

Private clouds can also be set up by installing a remote server with WebDAV support. In this case, there is no cloud provider account, as you operate the server yourself. To learn more, see Private Cloud destinations

BackupAssist will create the cloud container for the backup job to use during the job's creation, when you select Check destination in the Set up Destination step. However, you will need to configure your cloud account.

Warning: We recommended letting BackupAssist manage the space in the cloud backup container. This means not enabling (or turn off ) any space management or life-cycle tasks on your cloud backup containers. Leaving these tasks enabled will lead to parts of the backup’s data being permanently deleted, and result in the backups being incomplete and unusable in a recovery situation.

For Microsoft Azure, this will mean creating a storage account in your Azure account. The Cloud Backup job will create a container (called a blob) inside this storage account for the backup job to use. You can have multiple storage accounts in your Azure account.

Enter the storage account details in the fields provided. The existing selections are defaults and the options selected can effect the cost. For Account kind enter Blob storage. Once the Resource group has been create, it will appear in your list of resources after you refresh the UI.

For Amazon AWS, this will mean creating a backup user to use for your backup jobs. When you create an S3 Cloud Backup job, you will be asked to enter a user account's access keys. The job will then create a container (called a bucket) and give the selected user access. You can create multiple users for your Amazon AWS account and use different user accounts for different jobs.

Note: When you create the user, you will be shown a key and a secret key. The secret key is only ever show once so download it, noted it and keep it safe.

For WebDAV, the account preparations required will depend on your chosen Cloud Provider, or your own private cloud server setup. Refer to the documentation provided with your chosen cloud storage solution. Not all cloud providers will support WebDAV, so it's important to research your cloud provider and their requirements before committing to their cloud storage service.

BackupAssist need copies of AWS keys and Azure connection strings so that it can access these cloud storage destinations. This section explains how to get this information from the AWS and Azure portals so you can enter it into BackupAssist when creating a job.

When backing up to a Microsoft Azure container, a connection string is used by the backup job to access the storage account. The connection string is entered in the Set up destination step when creating the backup job.

To locate the connection string:

Log into the Azure portal.

Select the Storage account from the Resources list.

Select Access keys from the list of Settings.

The dashboard will display the Keys and Connection strings for the selected storage account.

Using the copy button, select a Connection string from one of the key sections. E.g. under Key1.

This will show the users you have created for your S3 storage. You should have a user just for BackupAssist.

Select the user you created for running backup jobs

This user must have at least PowerUserAccess permission. This is a Policy assigned under the Permissions tab in the AWS web console.

Select the user’s Security Credentials tab.

This will show you the user’s Access Key ID, but a Secret Access Key is also required.

Select Create Access Key.

This will generate a pop up with the Access Key ID and the Secret Access Key. The Secret key is unique and will not be saved in the console.

Copy and download the credentials

These keys will be needed when you create the backup job. You can perform these steps when creating the backup job and copy the keys into to the job's Set up destination screen, or copy the keys to a file so they can be used later.

Amazon has an excellent guide that can be followed to get a copy of the access key here:

Creating a cloud backup job

The following steps explain how to create a backup job that will back up your data to a cloud destination.

Launch BackupAssist and follow the steps outlined below:

Select the Backup tab

Select Create a new backup Job

Select Cloud Backup

If this is the first time you have created a backup job, you will be asked to provide a Backup User Identity. To learn more, see Backup User Identity. To throttle the bandwidth used by Cloud Backup, see Cloud Backup settings

Selections

This step is used to select the data and applications that you want to back up. Any VSS applications detected will be displayed here as application directory containers.

WebDAV can be used to back up to either a cloud provider that supports WebDAV, or to your own private cloud using WebDAV . To lean more, see Private Cloud destinations

Schedule

This step is used to select when and how you would like the backup job to run, and how long you would like the backup to be retained for. A selection of pre-configured schedules, called schemes, can be selected.

This step configures the cloud backup destination selected in step 5. There are different settings for Amazon S3, Microsoft Azure and WebDAV destinations.

Warning: We recommended letting BackupAssist manage the space in the cloud backup container. This means not enabling (or turn off ) any space management or life-cycle tasks on your cloud backup containers. Leaving these tasks enabled will lead to parts of the backup’s data being permanently deleted, and result in the backups being incomplete and unusable in a recovery situation.

Amazon S3 bucket settings

Fill in the S3 bucket settings including the bucket name, and your Access Key ID and Secret Access Key.

Enter a name for your S3 bucket. BackupAssist will use this name to create the bucket. Provide a different name for each job, because a different bucket must be used by each backup job. This name must follow the conventions explained in Amazon's naming guide.

Amazon S3 Region

Select the region for the data center where you want your cloud storage to be based.

Note: Seeding is only supported for us-east-1, us-west-1, us-west-2, eu-west-1, ap-southeast-1. To learn more see Amazon S3 seeding

Access Key ID & Secret Access Key

For this step, you will need to get the Access Key ID and generate a Secret Access key for the AWS backup user account that will be used for this backup job. This is done in the AWS portal.

Select Services > IAM > Users then select the user account you want to use. Select the Security Credentials tab, and select the Create Access Key button. Select Download Credentials to save the 2 keys in a CSV file. You won't be able to view the Secret Access Key once the dialog has closed.

For detailed instructions, see the How to get Amazon S3 storage keys section above.

Once you have the 2 keys, enter them into the fields provided.

Note: If you plan to seed your backup, you will need these keys for the seeding process, so you will need to record the Secret Access Key for later use because the secret access key can only be retrieved when it is created.

Encryption Password

Cloud Backup uses encryption to protect your data. Enter and confirm an encryption password. This password will be needed if you perform a restore.

Note: It is important that you keep a copy of your password in a safe place, as we cannot retrieve passwords if they are lost or forgotten.

Check destination

Select the Check destination button. This important step uses the information provided to test the connection to the cloud destination, and then creates the cloud container (bucket) that the backup job will use.

Azure container settings

Fill in the Azure container settings including the container name and connection string.

Enter a name for your Azure container. BackupAssist will use this name to create the container. Provide a different name for each job, as a different container must be used by each backup job. This name must follow the conventions explained in the "Container Names" section in Microsoft's naming guide.

Connection string

Log into the Azure portal and, select the Storage account from the Resources list and select Access keys from the list of Settings. Under each key will be a Connection string. Use the copy button to select a Connection string from one of the key sections and
Paste it into the field provided on BackupAssist's Set up destination screen.

To learn more, see the Set up your cloud account section above or the Azure website.

Encryption Password

Cloud Backup uses encryption to protect your data. Enter and confirm an encryption password. This password will be needed if you perform a restore.

Note: It is important that you keep a copy of your password in a safe place, as we cannot retrieve passwords if they are lost or forgotten.

Check destination

Select the Check destination button. This important step uses the information provided to test the connection to the cloud destination, and then creates the cloud container (bucket) that the backup job will use.

If you select Storage accounts from main menu and then name of the account you used, and then select Blobs on the right pane, you will see a blob inside the Storage account with the container name you specified.

WebDAV container settings

Fill in the WebDAV container settings using information from either your cloud provider or private cloud solution.

Enter a name for BackupAssist to use when it creates the destination container for your backup job. The name can only be made of lower case letters and numbers. No capital letters, spaces or special characters are allowed.

Server URL

Enter the URL used by your cloud provider for your WebDAV cloud storage account. If you have a private cloud, this URL will be set up in your destination's internet server.

Ignore SSL warnings

Select this option if you are using an https URL for a private cloud destination with self-signed certificates, rather than a trusted certificate. For example, when using a NAS device, this option will allow you to back up to the device in spite of any SSL errors.

Note: This option is not intended for use with public cloud provider destinations.

User Name

Enter the user name that you have been given for your cloud storage.

Password

Enter the password that you set up for your cloud storage username.

Encryption Password

Cloud Backup uses encryption to protect your data. Enter and confirm an encryption password. This password will be needed if you perform a restore.

Note: It is important that you keep a copy of your password in a safe place, as we cannot retrieve passwords if they are lost or forgotten.

Check destination

Select the Check destination button. This important step uses the information provided to test the connection to the cloud destination, and then creates the destination folder that the backup job will use.

Notifications

Once a backup job has completed, BackupAssist can send an email to inform selected recipients of the result. This email notification is enabled during the creation of the backup job, but you must also provide your mail server settings so that the notifications can be sent. To learn how to configure your mail server for BackupAssist, see
Email server settings.

Note: After the backup job has been created, you can modify the notification's recipients, set additional notification conditions and include print and file notification types. To learn more, see Email address list

Name your backup

Provide a name for your backup job, and click Finish.

Next Steps

This step explains the seed backup option that is available if you think there is too much data for the first full backup across the internet. Seeding should only be considered after understanding what seeding involves as it requires following detailed process managed by your cloud provider and there will be costs involved. To learn more, see Cloud Seeding

Cloud Backup restores

Perform a restore from a Cloud Backup as you would for any other backup type. Simply select the Restore tab, select the required restore option and follow the steps. To learn more, see Restore tab